The Dumber Android Is, the Better, Say Experts
ZDOne writes "ZDNet UK is reporting that it will not be known until the Android software development kit comes out on Monday whether the Gphone will be strictly Java-based, but security experts claim that the less smart a phone is, the less vulnerable it is. Android developers should stick to a semi-smartphone platform because the Java sandbox can protect against the normal kinds of attacks, experts claim. The article also discusses some of the pros and cons of open vs. closed source security. 'The debate about the relative security merits of open-source as opposed to proprietary software development has been a very long-running one. Open-source software development has the advantage of many pairs of eyes scrutinizing the code, meaning irregularities can be spotted and ironed out, while updates to plug vulnerabilities can be written and pushed out very quickly. However, one of the disadvantages of open-source development is that anyone can scrutinize the source code to find vulnerabilities and write exploits. The source code in proprietary software, on the other hand, can't be directly viewed, meaning vulnerabilities need to be found through reverse engineering.'"
No wrong... (Score:5, Insightful)
perhaps completely unrelated (Score:1, Insightful)
I've been consulting for a New York firm for about 9 months now. I do a lot of traveling, but I'm in the New York home base office at least 4 times a week. I often misplace my card-key - and the receptionist refuses to buzz me in, EVERY TIME. She's always like, "I'm sorry, I don't know who you are." Her policy is to never buzz anyone in. She angered the chairman once over it, who was talked out of firing her precisely because he's in the office like 3 times a year. She won't buzz people in and she's unrepentantly steadfast about it. She's dumb as dirt.
Simple systems are more likely to be secure than more complex systems in general as they are less prone to component failure.
proprietary security is like creationism (Score:5, Insightful)
Android (Score:4, Insightful)
Open is better (Score:3, Insightful)
Open source does not have any of these problems. Only problem with open source is if you have one person who is significantly smarter than everyone else looking at the code and can come up with an exploit before anyone else notices. This is a more comfortable position to be in as far as I am concerned.
Re:perhaps completely unrelated (Score:3, Insightful)
With that in mind, consider the possibility that you often misplace your security card as your failing. Instead of blaming someone else because they won't fix your life for you, take a little responsibility.
I know, it's a bit of a novel concept at first, but just try it on and see if life gets any better. Likely, it will, because this is one of those aspects of life over which you are actually in control. Or could be.
Wonders of open source (Score:2, Insightful)
Re:Did I miss something? (Score:3, Insightful)
The "many eyes" argument fails as well, though, simply because many eyes do not make for better security. Many hands, on the other... um... hand, make for better response time. Open source code tends to be more agile because it's open.
Embedded systems - feature vs. bug (Score:3, Insightful)
It matters not who is looking at the code in terms of fixing it. It is not updatable. I suppose it is possible that someone might come up with an updatable phone that was 100% impossible to "brick" but so far I've not seen it. The risks do not outweigh the rewards with that and the current "experiment" with the iPhone is not proving to be very satisfying. Yes, they have a distribution technique for software updates through iTunes, but how many phones did they lose with the first update?
Treo has a slightly better record, except they do not have a distribution method. You have to download stuff and jump through all kinds of hoops. Perhaps 1 in 10 people update their Treo. I suspect Blackberry isn't much different from that. Also, it is far, far too easy to utterly destroy a Treo with a bad update.
No, I would not count on updates. Too risky and too little penetration. The end result is bugs that get released are features. And they are there to stay.
Re:Wonders of open source (Score:2, Insightful)
The beauty of open source is that it lets people like me contribute little dribbles here and there. I've probably touched a couple of dozen projects; typically only contributing a single fix or small feature, even something as small as the ability to daemonize hot-babe.
Now by itself that's not much, and in the context of progress it's minuscule, but it adds a tiny feature. Certainly I'm not a cathedral builder, I'm more of the guy who comes in and sweeps up the dust by one door.... But with enough sweepers pretty soon the whole place is clean.
So your argument is predicated on the need for cathedral builders, but there are many, many more sweepers like me who contribute one small thing here and there.
That's what closed source is missing. There's no room for the sweepers; the folks who scratch that one minor itch.
Re:proprietary security is like creationism (Score:2, Insightful)
Re:Did I miss something? (Score:1, Insightful)